DETAILED ACTION
Claim Objections 

1. Claim 32 is objected to because of the following informalities: On page 74, line 2 of claim 32,
the period is missing at the end of the sentence. Appropriate correction is required.

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for 
the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless- 

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

3. Claim 1 is rejected under 35 U.S.C. 102(e) as being anticipated by McNabb et al. (US 6,289,462 
B1). 

McNabb et al. anticipate claim 1. 

McNabb et al. teach a method for managing user access information for access to one or more database 
network nodes, the method comprising: storing database user authorization in a central directory, the 
database user authorization comprising a user role; storing database user authentication information; 
locally defining the user role at a network node; receiving an access request from a user for the network 
node; authenticating the user based upon the database user authentication information; and granting the 
user privileges on the network node based upon the user role (col. 5, lines 20-30, lines 47-61, col. 6, lines
26-29, McNabb et al.). 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made. 

5. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), 
that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are 
summarized as follows: 

1. Determining the scope and contents of the prior art.

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating obviousness or 
nonobviousness. 

6. Claims 2-4, 10, 11, 12, 13, 14, 15, 16, 17, 18 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over McNabb et al. (US 6,289,462 B1) as applied to claim 1 above, and further in view of 
Ferguson et al. (US 2002/0082818 A1). 

As per claim 2, McNabb et al. substantially teach the claimed invention described in claim 1 (as rejected 
above). 

However McNabb et al. do not explicitly teach the specific use of an LDAP-compatible directory. 
Ferguson et al. in an analogous art teach that this is accomplished by user authentication via a 
lightweight directory access protocol (LDAP) server that authenticates users within particular domain 
names that map to specific customer accounts (page 4, paragraph 41, Ferguson et al.). 
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was 
made to modify McNabb et al.'s patent with the teachings of Ferguson et al. by including an additional 
step of using an LDAP-compatible directory. 

This modification would have been obvious to one of ordinary skill in the art, at the time the invention was 
made, because one of ordinary skill in the art would have recognized that using an LDAP-compatible 
directory would provide the opportunity to use a hierarchical structure for user authentication during login 
process. 

• As per claim 3, McNabb et al. and Ferguson et al. teach the additional limitations. 
Ferguson et al. teach the method in which the database user authentication information is stored at the 
central directory (page 4, paragraph 41, Ferguson et al.).

• As per claim 4, McNabb et al. and Ferguson et al. teach the additional limitations.

Ferguson et al. teach the method in which the database user authorization is stored in a schema having a 
hierarchy of schema objects (page 4, paragraph 41, Ferguson et al.).

• As per claim 10, McNabb et al. and Ferguson et al. teach the additional limitations. 

Ferguson et al. teach the method in which the database user authorization is stored as one or more data 
objects in the central directory (page 4, paragraph 41, Ferguson et al.). 

• As per claim 11, McNabb et al. and Ferguson et al. teach the additional limitations. 
Ferguson et al. teach the method in which the one or more objects are stored in a security subtree in the 
central directory (figure 1, page 3, paragraph 36, Ferguson et al.). 

• As per claim 12, McNabb et al. and Ferguson et al. teach the additional limitations. 

Ferguson et al. teach the method in which administrative access is controlled to one or more data objects 
in the central directory (page 25, paragraph 196, Ferguson et al.).

• As per claim 13, McNabb et al. and Ferguson et al. teach the additional limitations. 
Ferguson et al. teach the method in which access control is implemented using an access control point
associated with the one or more data objects in the central directory (page 19, paragraph 150, Ferguson 
et al.). 

• As per claim 14, McNabb et al. and Ferguson et al. teach the additional limitations. 

Ferguson et al. teach the method in which the access control point is associated with access policies for a 
subtree of the one or more database objects in the central directory (page 19, paragraph 145, Ferguson 
et al.). 

• As per claim 15, McNabb et al. and Ferguson et al. teach the additional limitations. 

Ferguson et al. teach the method in which the access control point is associated with access policies for a 
single entry for the one or more database objects in the central directory (page 19, paragraph 145, 
Ferguson et al.). 

• As per claim 16, McNabb et al. and Ferguson et al. teach the additional limitations. 
Ferguson et al. teach the method in which the access control point is associated with individually named 
users (page 18-19, paragraph 144-145, Ferguson et al.).

• As per claim 17, McNabb et al. and Ferguson et al. teach the additional limitations.
Ferguson et al. teach the method in which the access control point is associated with a group of users 
(page 18-19, paragraph 144-145, Ferguson et al.). 

• As per claim 18, McNabb et al. and Ferguson et al. teach the additional limitations. 
Ferguson et al. teach the method in which members of the group are associated with a set of access 
privileges associated with the access control point (page 19, paragraph 145, 152, Ferguson et al.). 

7. Claims 5-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over McNabb et al. (US 
6,289,462 B1) and Ferguson et al. (US 2002/0082818 A1) as applied to claim 4 above, and further in 
view of Gavrila et al. (US 2002/0026592 A1). 

As per claim 5, McNabb et al. and Ferguson et al. substantially teach the claimed invention described in 
claim 4 (as rejected above). 

However McNabb et al. and Ferguson et al. do not explicitly teach the specific use of the method in which 
the hierarchy of schema objects comprises an enterprise role, wherein the enterprise role is associated 
with one or more users and one or more locally defined roles. 

Gavrila et al. in an analogous art teach that this invention makes use, in yet a further aspect, of both local 
and global groups for the instantiation of roles on multiple computer hosts, to implement nested groups 
and to enable the integration of extant host computers, which include local user accounts and groups 
defined on independent servers and workstations, within large distributed operating systems (abstract, 
Gavrila et al.). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was 
made to modify McNabb et al.'s patent with the teachings of Gavrila et al. by including an additional step
of using the method in which the hierarchy of schema objects comprises an enterprise role, wherein the 
enterprise role is associated with one or more users and one or more locally defined roles. 
This modification would have been obvious to one of ordinary skill in the art, at the time the invention was 
made, because one of ordinary skill in the art would have recognized that it would provide the opportunity 
to define a global role to associate the users with the authorization to access local databases. 

• As per claim 6, McNabb et al., Ferguson et al. and Gavrila et al. teach the additional limitations. 
Gavrila et al. teach that the privileges associated with the one or more locally defined roles are assigned
to the one or more users (abstract, page 3, paragraph 22, Gavrila et al.). 

• As per claim 7, McNabb et al., Ferguson et al. and Gavrila et al. teach the additional limitations. 
Gavrila et al. teach the method in which the hierarchy of schema objects comprises an enterprise domain, 
wherein the enterprise domain comprises one or more enterprise roles (page 2, paragraph 10, Gavrila et 
al.). 

• As per claim 8, McNabb et al., Ferguson et al. and Gavrila et al. teach the additional limitations. 
Gavrila et al. teach the method in which each of the one or more enterprise roles is associated with one 
or more users and one or more locally defined roles (abstract, Gavrila et al.). 

• As per claim 9, McNabb et al., Ferguson et al. and Gavrila et al. teach the additional limitations. 
Gavrila et al. teach the method in which the enterprise domain is associated with one or more network 
nodes (page 3, paragraph 22, Gavrila et al.). 

8. Claims 19, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over McNabb et al. (US 6,289,462 B1) in view of Ferguson et al. (US 2002/0082818 
A1). 

As per claim 19, McNabb et al. teach a system for managing user access information for one or more 
database network nodes, comprising: one or more database network nodes for which user access is 
sought (col. 5, lines 31-33, col. 6, lines 24-29, McNabb et al.). 

However McNabb et al. do not explicitly teach the specific use of an LDAP directory; and user access 
information data objects stored in the LDAP directory, the user access information data objects 
comprising authentication and authorization information. 

Ferguson et al. in an analogous art teach that access determination information is stored by the access 
determination component 312, which is accessible by way of database 302. This is accomplished by 
using a hierarchical file structure in which specific access is determined and operated only to those users 
to whom it should be granted. This is accomplished by user authentication via a lightweight directory 
access protocol (LDAP) server that authenticates users within particular domain names that map to 
specific customer accounts (figure 3, page 4, paragraph 41, Ferguson et al.). 



Application/Control Number: 10/084,880 Page 7 

Art Unit: 2133 

Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was 
made to modify McNabb et al.'s patent with the teachings of Ferguson et al. by including an additional 
step of using the LDAP directory; and user access information data objects stored in the LDAP directory, 
the user access information data objects comprising authentication and authorization information. 
This modification would have been obvious to one of ordinary skill in the art, at the time the invention was 
made, because one of ordinary skill in the art would have recognized that using an LDAP-compatible 
directory would provide the opportunity to use a hierarchical structure for user authentication during login 
process. 

• As per claim 26, McNabb et al. and Ferguson et al. teach the additional limitations. 
Ferguson et al. teach the system in which the user access information data objects comprise an access 
control point attribute (page 18-19, paragraph 144-145, Ferguson et al.). 

• As per claim 27, McNabb et al. and Ferguson et al. teach the additional limitations. 
Ferguson et al. teach the system in which the access control point attribute is established only if access 
control policies are established for a corresponding object (page 19, paragraph 145, Ferguson et al.). 

• As per claim 28, McNabb et al. and Ferguson et al. teach the additional limitations. 
Ferguson et al. teach the system in which the access control point attribute is associated with access 
policies for a subtree in the user access information data objects stored in the LDAP directory (page 19, 
paragraph 145, Ferguson et al.). 

• As per claim 29, McNabb et al. and Ferguson et al. teach the additional limitations. 
Ferguson et al. teach the system in which the access control point attribute is associated with access 
policies for a single entry in the user access information data objects stored in the LDAP directory (page 
19, paragraph 145, Ferguson et al.). 

• As per claim 30, McNabb et al. and Ferguson et al. teach the additional limitations. 

Ferguson et al. teach the system in which the access control point attribute is associated with individually 
named users (page 18-19, paragraph 144-145, Ferguson et al.). 

• As per claim 31, McNabb et al. and Ferguson et al. teach the additional limitations.
Ferguson et al. teach the system in which the access control point attribute is associated with a group of
users (page 18-19, paragraph 144-145, Ferguson et al.). 

• As per claim 32, McNabb et al. and Ferguson et al. teach the additional limitations. 
Ferguson et al. teach the system in which members of the group are associated with a set of access 
privileges associated with the access control (page 18-19, paragraph 144-145, Ferguson et al.). 

• As per claim 33, McNabb et al. and Ferguson et al. teach the additional limitations. 
Ferguson et al. teach the system in which the user access information data objects comprise a mapping 
object that maps a database user to a database schema (page 4, paragraph 41, Ferguson et al.).

• As per claim 34, McNabb et al. and Ferguson et al. teach the additional limitations. 

Ferguson et al. teach the system in which the mapping object affects a single user (page 4, paragraph 41, 
Ferguson et al.). 

• As per claim 35, McNabb et al. and Ferguson et al. teach the additional limitations. 

Ferguson et al. teach the system in which the mapping object is associated with a full distinguished name 
(page 4, paragraph 41, Ferguson et al.). 

• As per claim 36, McNabb et al. and Ferguson et al. teach the additional limitations. 

Ferguson et al. teach the system in which the mapping object is associated with a plurality of users (page 
4, paragraph 41, Ferguson et al.). 

• As per claim 37, McNabb et al. and Ferguson et al. teach the additional limitations. 
Ferguson et al. teach the system in which the mapping object is associated with a partial distinguished 
name (page 4, paragraph 41, Ferguson et al.). 

9. Claims 20-25, 38 are rejected under 35 U.S.C. 103(a) as being unpatentable over McNabb et al. 
(US 6,289,462 B1) and Ferguson et al. (US 2002/0082818 A1) as applied to claim 19 above, and further 
in view of Gavrila et al. (US 2002/0026592 A1). 

As per claim 20, McNabb et al. and Ferguson et al. substantially teach the claimed invention described in 
claim 19 (as rejected above).

However McNabb et al. and Ferguson et al. do not explicitly teach the specific use of the system in which
the user access information data objects comprise a domain object that is associated with the one or 
more database network nodes. 

Gavrila et al. in an analogous art teach that a selected group of host computers compose a domain. One 
can define a user or group global with respect to a domain, in the sense that the group is recognized by 
each of the domain's member hosts (page 8, paragraph 98-99, Gavrila et al.). 
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was 
made to modify McNabb et al.'s patent with the teachings of Gavrila et al. by including an additional step 
of using the system in which the user access information data objects comprise a domain object that is 
associated with the one or more database network nodes. 

This modification would have been obvious to one of ordinary skill in the art, at the time the invention was 
made, because one of ordinary skill in the art would have recognized that using the system in which the 
user access information data objects comprise a domain object that is associated with the one or more 
database network nodes would provide the opportunity to recognize the user or a group by the members 
of the domain. 

• As per claim 21, McNabb et al., Ferguson et al. and Gavrila et al. teach the additional limitations. 
Gavrila et al. teach the system in which the domain object is associated with an enterprise role (page 8, 
paragraph 99, Gavrila et al.). 

• As per claim 22, McNabb et al., Ferguson et al. and Gavrila et al. teach the additional limitations. 
Gavrila et al. teach the system in which the enterprise role is associated with a local database role 
(abstract, Gavrila et al.). 

Ferguson et al. teach database (page 4, paragraph 41, Ferguson et al.). 

• As per claim 23, McNabb et al., Ferguson et al. and Gavrila et al. teach the additional limitations. 
Gavrila et al. teach the system in which the scope of the local database role is locally defined at a local 
database network node (page 3, paragraph 22, Gavrila et al.). 

Ferguson et al. teach database (page 4, paragraph 41, Ferguson et al.). 

• As per claim 24, McNabb et al., Ferguson et al. and Gavrila et al. teach the additional limitations. 
Gavrila et al. teach the system in which the enterprise role is associated with one or more users (page 3,
paragraph 22, Gavrila et al.). 

• As per claim 25, McNabb et al., Ferguson et al. and Gavrila et al. teach the additional limitations. 
Gavrila et al. teach the system in which each of the one or more users is associated with privileges 
defined for the enterprise role (abstract, page 3, paragraph 22, Gavrila et al.). 

• As per claim 38, McNabb et al., Ferguson et al. and Gavrila et al. teach the additional limitations. 
Gavrila et al. teach the system in which the enterprise role is associated with local database roles from a 
plurality of database nodes (abstract, Gavrila et al.). 

10. Claim 39 is rejected under 35 U.S.C. 103(a) as being unpatentable over McNabb et al. (US 
6,289,462 B1) in view of Gavrila et al. (US 2002/0026592 A1). 

As per claim 39, McNabb et al. teach a process for managing user access information for database
network nodes, the process comprising: storing database user authorization in a central directory, the 
database user authorization comprising a user role; storing database user authentication information; 
locally defining the user role at a network node; receiving an access request from a user for the network 
node; authenticating the user based upon the database user authentication information; and granting the 
user privileges on the network node based upon the user role (col. 5, lines 20-30, lines 47-61, col. 6, lines 
26-29, McNabb et al.). 

However McNabb et al. do not explicitly teach the specific use of a computer program product that 
includes a medium usable by a processor, the medium having stored thereon a sequence of instructions 
that can be executed by said processor. 

Gavrila et al. in an analogous art teach a computer program product containing computer readable code 
for causing a machine to perform the method (page 19, claim 22, Gavrila et al.). 
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was 
made to modify McNabb et al.'s patent with the teachings of Gavrila et al. by including an additional step 
of using a computer program product that includes a medium usable by a processor, the medium having 
stored thereon a sequence of instructions that can be executed by said processor. 
This modification would have been obvious to one of ordinary skill in the art, at the time the invention was
made, because one of ordinary skill in the art would have recognized that using a computer program 
product that includes a medium usable by a processor, the medium having stored thereon a sequence of 
instructions that can be executed by said processor would provide the opportunity to execute the process 
faster and more accurately.

Any inquiry concerning this communication or earlier communications from the examiner should
be directed to Dipakkumar Gandhi whose telephone number is 703-305-7853. The examiner can 
normally be reached on 8:30 AM - 5:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Albert Decady can be reached on (703) 305-9595. The fax phone number for the organization where this 
application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 